General

  • Target

    dd3449650d2ffc0a3f66fe92693c5de66de7983b356819e9ec34567f81e396c2

  • Size

    1MB

  • Sample

    221002-stjl6sdhdm

  • MD5

    650b624d0ef2f2293049adcb28c9ebae

  • SHA1

    7704d2a2cb4888e160094b5121956917bfbe0f69

  • SHA256

    dd3449650d2ffc0a3f66fe92693c5de66de7983b356819e9ec34567f81e396c2

  • SHA512

    fbcb3794ef11f10397258b56ba851fb2e18ae1aae937886147b38b94745dfebbf7b9414901ceb530fc2db4a251b46b70d4f5e45c810fe76185d993e9b185c7d2

Malware Config

Targets

    • Target

      dd3449650d2ffc0a3f66fe92693c5de66de7983b356819e9ec34567f81e396c2

    • Size

      1MB

    • MD5

      650b624d0ef2f2293049adcb28c9ebae

    • SHA1

      7704d2a2cb4888e160094b5121956917bfbe0f69

    • SHA256

      dd3449650d2ffc0a3f66fe92693c5de66de7983b356819e9ec34567f81e396c2

    • SHA512

      fbcb3794ef11f10397258b56ba851fb2e18ae1aae937886147b38b94745dfebbf7b9414901ceb530fc2db4a251b46b70d4f5e45c810fe76185d993e9b185c7d2

    • Adds Run key to start application

    • Detected potential entity reuse from brand microsoft.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Collection

    Command and Control

      Credential Access

        Defense Evasion

        Execution

          Exfiltration

            Impact

              Initial Access

                Lateral Movement

                  Privilege Escalation